□ Overview
o RAONWIZ Co.,Ltd released security update to address arbitrary remote code execution vulnerability in DEXT5 Upload ActiveX module.(file transfer solution)
Vulnerability
Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
Download of code without
integrity check |
arbitrary remote code
execution |
High |
7.5 |
CVE-2020-7875 |
□ Description
o DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting
the argument, variable in the activeX module. This can be leveraged for code execution.
□ Affected Product
Affected Product
Product |
Version |
Platform |
dext5.ocx(DEXT5 Upload Control) |
5.0.0.117 |
Windows |
□ Solution
o Update the program over RAONWIZ DEXT5 Upload 5.0.0.118 version or higher.
□ Reference
[1] http://www.dext5.com/page/support/notice_view.aspx?pSeq=26
□ Etc
o Thanks to Dong-Hyeon Yu for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |